PT-2026-43131 · Gnu · Libredwg
Pwn3Rd
·
Published
2026-04-22
·
Updated
2026-07-09
·
CVE-2026-9503
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
GNU LibreDWG versions prior to 0.15
Description
A security flaw in the DWG File Handler component occurs within the
dwg next entity() function of the src/decode.c file. The issue is caused by incorrect resource cleanup or release, leading to a null pointer dereference. This can be exploited by a local attacker to cause a denial of service (DoS), which is a condition where the system or application becomes unavailable to its intended users.Recommendations
Update to a version later than 0.14.
As a temporary workaround, restrict access to the
dwg next entity() function to minimize the risk of exploitation.Exploit
Fix
NULL Pointer Dereference
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libredwg